{"version":"1.0","provider_name":"Jui-Nan Lin's Blog","provider_url":"https:\/\/jnlin.org","author_name":"jnlin","author_url":"https:\/\/jnlin.org\/author\/jnlin\/","title":"Migrate From UNIX\/NIS Password to LDAP","html":"First, install and configure LDAP. See <a href=\"\/?p=91\">Install OpenLDAP on FreeBSD<\/a>.\r\n<a href=\"http:\/\/www.padl.com\/\">PADL Software Pty Ltd<\/a> provides a set of open source Migration Tools, which can be downloaded <a href=\"http:\/\/www.padl.com\/download\/MigrationTools.tgz\">here<\/a>.\r\n<!--more-->\r\nAfter downloading, extract the archive:<ul><code>\r\n      # tar zxvf MigrationTools.tgz\r\n      # cd MigrationTools-46\r\n<\/code><\/ul>\r\nNext, edit migrate_common.ph:\r\n<ul>\r\n      $DEFAULT_MAIL_DOMAIN\r\n      $DEFAULT_MAIL_HOST\r\n      The domain for the LDAP mail attribute, for example: cs.nctu.edu.tw\r\n\r\n      $DEFAULT_BASE\r\n      The LDAP Base DN, for example: dc=cs,dc=nctu,dc=edu,dc=tw.\r\n\r\n      $EXTENDED_SCHEMA\r\n      Whether to add organizationalPerson and inetOrgPerson data.\r\n<\/ul>\r\nThen edit migrate_passwd.pl: find the line <code>local($user, $pwd, $uid, $gid, $gecos, $homedir, $shell) = split(\/:\/);<\/code> and change it so that it can parse the master.passwd format (or any shadow file). Also comment out all of the Kerberos-related code (there should be two sections).\r\n\r\nIf your gecos fields contain multibyte data, convert it to UTF-8 before importing into LDAP.\r\n\r\nIf you also need Linux to use the LDAP accounts and passwords, add these two lines:\r\n<ul><code>\r\n      print $HANDLE \"objectClass: shadowAccount\\n\";\r\n      print $HANDLE \"shadowLastChange: 0\\n\";\r\n<\/code><\/ul>\r\nIf you also need Samba to use the LDAP accounts and passwords, add these two lines:\r\n<ul><code>\r\n      print $HANDLE \"objectClass: sambaSamAccount\\n\";\r\n      print $HANDLE \"sambaSID: S-1-5-21-4000614413-3301257388-2182072073-$uid\\n\";\r\n<\/code><\/ul>\r\nFor the sambaSID: S-1-5-21-4000614413-3301257388-2182072073 part, see the Samba with LDAP document.\r\n\r\nYou can then run migrate_all_online.sh to import the system data into LDAP.\r\n\r\nIf you want FreeBSD to authenticate against the LDAP accounts and passwords, see <a href=\"\/?p=93\">Enable nss_ldap in FreeBSD<\/a>.\r\n\r\nNote:\r\nThese are the additional environment variables I set, mainly because the hosts file has two localhost entries, and because I also wanted to import the users' passwords into LDAP.\r\n\/tmp\/master.passwd is the password file with the system accounts (root, toor, dump...) removed.\r\n<ul><code>\r\n      # setenv LDAPADD \"`which ldapadd` -c\"\r\n      # setenv ETC_PASSWD \/tmp\/master.passwd\r\n<\/code><\/ul>","type":"rich"}